Thanks to all of you who came out to listen to us speak at ResNet 2004.

We now have a mailing list and a C port underway.

This project is a way to dynamically block hosts that are infected
with some kind of virus or are in violation of a policy
(scanning/hacking/etc...). However that's not where it
stops. It can not only detect and quarantine infected hosts, it
can also notify the infected host/user that they are in violation of
something. It's basically a simple/easy way to take a great IDS
(Intrusion Detection
System) like Snort and transform it into an IPS (Intrusion Prevention
System).
The main goals were:

Low administration

Easy to deploy

Effective

Usable in a wide variety of environments

Low cost

History
This project was originally started in Sept of 2003 to combat the
massive outbreak of Nachi/Welchia etc... that plagued campus.
The original version was a shell script that ran on an OpenBSD box and
used pf. It has since been moved to a daemon written in Perl
running on Linux using IPTables. It's under current development,
adding features fixing bugs etc. There is more information
available in the News section.